skills/mukul975/anthropic-cybersecurity-skills/post-exploiting-microsoft-graph-with-graphrunner/Gen Agent Trust Hub
post-exploiting-microsoft-graph-with-graphrunner
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and import the GraphRunner toolset from a public repository hosted on GitHub (github.com/dafthack/GraphRunner). This repository belongs to a well-known security researcher and is a standard tool in the cybersecurity testing industry.
- [COMMAND_EXECUTION]: The skill demonstrates the use of PowerShell and Python to perform identity and access management operations such as enumerating users, modifying group memberships, and identifying updatable security groups. These operations use standard Microsoft Graph API endpoints.
- [DATA_EXFILTRATION]: Documentation provides examples of searching mailboxes, SharePoint, and Teams for sensitive strings (e.g., 'password') and configuring inbox forwarding rules. These behaviors are explicitly documented as part of the skill's post-exploitation and impact-demonstration objectives in a security testing context.
Audit Metadata